/**
 * Copyright (c) 2018 - 2020, Nordic Semiconductor ASA
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification,
 * are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice, this
 *    list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form, except as embedded into a Nordic
 *    Semiconductor ASA integrated circuit in a product or a software update for
 *    such product, must reproduce the above copyright notice, this list of
 *    conditions and the following disclaimer in the documentation and/or other
 *    materials provided with the distribution.
 *
 * 3. Neither the name of Nordic Semiconductor ASA nor the names of its
 *    contributors may be used to endorse or promote products derived from this
 *    software without specific prior written permission.
 *
 * 4. This software, with or without modification, must only be used with a
 *    Nordic Semiconductor ASA integrated circuit.
 *
 * 5. Any software provided in binary form under this license must not be reverse
 *    engineered, decompiled, modified and/or disassembled.
 *
 * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#ifndef NRF_CRYPTO_RNG_H__
#define NRF_CRYPTO_RNG_H__

/** @file
 *
 * @defgroup nrf_crypto_rng RNG related functions
 * @{
 * @ingroup nrf_crypto
 *
 * @brief RNG related functions
 *
 * @details There are two available RNG backends:
 *              - ARM CryptoCell CC310 (default for devices with CC310).
 *              - nRF HW RNG peripheral.
 *                * CTR-DRBG mode - nRF HW RNG used for seeding mbed TLS CTR-DRBG (default for
 *                  devices without CC310).
 *                * Raw mode - all data is generated by the nRF HW RNG.
 *
 *          The CC310 backend meets the standards NIST 800-90B3 and AIS-31 (Class “P2 High”), and
 *          should be preferred in most cases on devices that includes the CC310 core. Devices that
 *          do not include CC310 should normally use the nRF HW RNG with mbed TLS CTR-DRBG. The
 *          mbed TLS CTR-DRBG code is standardized by NIST (SP 800-90A Rev. 1).
 */

#include "sdk_common.h"
#include "nrf_crypto_error.h"
#include "nrf_crypto_rng_shared.h"
#include "nrf_crypto_rng_backend.h"

#ifdef __cplusplus
extern "C" {
#endif


/**
 * @brief Context type for RNG.
 *
 * @note The actual type depend on the backend in use.
 */
typedef nrf_crypto_backend_rng_context_t nrf_crypto_rng_context_t;


/**
 * @brief Temporary work buffer type for RNG.
 *
 * @details Only needed during initializing. Can be freed when @ref nrf_crypto_rng_init has
 *          returned. Not needed if @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
 *          in @ref sdk_config.
 *
 * @note The actual type depend on the backend in use.
 */
typedef nrf_crypto_backend_rng_temp_buffer_t nrf_crypto_rng_temp_buffer_t;


/**@brief Initialize the random number generator.
 *
 * @details This function has no effect when @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is enabled.
 *
 * @warning The p_temp_buffer is 6112 bytes when using the CC310 backend. Ensure that stack size
 *          is sufficient if allocated on stack. Applications that use nRF HW RNG as backend or are
 *          not RAM constrained can use internal static allocation of context and temporary buffers
 *          (@ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED).
 *
 * @note  The context object can be reused without the need for a full reinitialization of the
 *        backend in case of for example wakeup from system OFF, provided that the context is
 *        located in a memory block that is retained. This only apply to the CC310 backend, and when
 *        the context is allocated manually (NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED disabled).
 *
 * @param[in]       p_context       Pointer to context memory. The context will be managed
 *                                  internally, and the pointer is not used for subsequent calls to
 *                                  the nrf_crypto_rng API. The context memory is needed until
 *                                  @ref nrf_crypto_rng_uninit is called, so it should normally not
 *                                  be on the stack. Use NULL if
 *                                  @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
 *                                  in @ref sdk_config (recommended for most applications).
 *
 * @param[in,out]   p_temp_buffer   Temporary buffer needed during initialization of the backend. It
 *                                  is not used after the return of this function, and can be freed
 *                                  at that point. Buffer is allocated internally if the pointer is
 *                                  NULL, using the allocated defined by @ref NRF_CRYPTO_ALLOCATOR
 *                                  in @c sdk_config.h. Use NULL if
 *                                  @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
 *                                  in @ref sdk_config (recommended for most applications).
 *
 * @retval  NRF_SUCCESS                         If random number generator was initialized
 *                                              successfully.
 * @retval  NRF_ERROR_CRYPTO_NOT_INITIALIZED    @ref nrf_crypto_init was not called prior to this
 *                                              function.
 * @retval  NRF_ERROR_CRYPTO_CONTEXT_NULL       p_context was NULL.
 * @retval  NRF_ERROR_CRYPTO_INTERNAL           If an internal error occurred in the nrf_crypto
 *                                              backend.
 * @retval  NRF_ERROR_CRYPTO_ALLOC_FAILED       Unable to allocate memory for the context or work
 *                                              buffer.
 * @retval  NRF_ERROR_CRYPTO_STACK_OVERFLOW     Stack overflow detected. Typically caused by
 *                                              allocating an instance of
 *                                              @ref nrf_crypto_rng_temp_buffer_t
 *                                              on the stack when using CC310 backend.
 * @retval  NRF_ERROR_CRYPTO_BUSY               RNG is busy. Rerun at a later time.
 */
ret_code_t nrf_crypto_rng_init(nrf_crypto_rng_context_t       * p_context,
                               nrf_crypto_rng_temp_buffer_t   * p_temp_buffer);


/**@brief Uninitialize the random number generator.
 *
 * @retval  NRF_SUCCESS                                 If RNG was uninitialized successfully.
 * @retval  NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED    RNG has not been initialized.
 * @retval  NRF_ERROR_CRYPTO_INTERNAL                   If an internal error occurred in the
 *                                                      nrf_crypto backend.
 * @retval  NRF_ERROR_CRYPTO_BUSY                       RNG is busy. Rerun at a later time.
 */
ret_code_t nrf_crypto_rng_uninit(void);


/**@brief Generate random data of given size.
 *
 * @details @ref nrf_crypto_rng_init must be called prior to this function unless
 *          @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is enabled in @ref sdk_config.
 *
 * @param[in,out]   p_target    Buffer to hold the random generated data.
 *                              This buffer must be at least as large as the size parameter.
 * @param[in]       size        Length (in bytes) to generate random data for.
 *
 * @retval  NRF_SUCCESS                                 Data was generated successfully.
 * @retval  NRF_ERROR_CRYPTO_NOT_INITIALIZED            @ref nrf_crypto_init was not called prior to
 *                                                      this function.
 * @retval  NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED    @ref nrf_crypto_rng_init was not called
 *                                                      prior to this function and
 *                                                      @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is
 *                                                      disabled.
 * @retval  NRF_ERROR_CRYPTO_OUTPUT_NULL                p_target was NULL.
 * @retval  NRF_ERROR_CRYPTO_OUTPUT_LENGTH              Size was 0 or larger than the backend
 *                                                      supports.
 * @retval  NRF_ERROR_CRYPTO_INTERNAL                   If an internal error occurred in the
 *                                                      backend.
 * @retval  NRF_ERROR_CRYPTO_STACK_OVERFLOW             Stack overflow detected in
 *                                                      @ref nrf_crypto_rng_init when using auto
 *                                                      initialization. Typically caused by
 *                                                      allocating an instance of
 *                                                      @ref nrf_crypto_rng_temp_buffer_t
 *                                                      on the stack when using CC310 backend.
 * @retval  NRF_ERROR_CRYPTO_BUSY                       RNG is busy. Rerun at a later time.
 */
ret_code_t nrf_crypto_rng_vector_generate(uint8_t * const p_target, size_t size);


/**@brief Generate a vector of constrained random data of given size, between the specified min
 *        and max values.
 *
 * @details @ref nrf_crypto_rng_init must be called prior to this function unless
 *          @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is enabled in @ref sdk_config.
 *
 *          All vectors are in big-endian format, with the most significant byte as the first
 *          element / lowest address.
 *
 * @note This function may execute for a long time if the window between p_min and p_max is small.
 *
 * @param[in,out]   p_target    Buffer to hold the random generated data.
 *                              This buffer must be at least as large as the size parameter.
 * @param[in]       p_min       Byte array defining the lower limit of the random vector.
 * @param[in]       p_max       Byte array defining the upper limit of the random vector.
 * @param[in]       size        Length (in bytes) to generate random data for. Note that all three
 *                              buffers (p_target, p_min and p_max) must be of this size.
 *
 * @retval  NRF_SUCCESS                                 Data was generated successfully.
 * @retval  NRF_ERROR_CRYPTO_NOT_INITIALIZED            @ref nrf_crypto_init was not called prior to
 *                                                      this function.
 * @retval  NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED    @ref nrf_crypto_rng_init was not called
 *                                                      prior to this function and
 *                                                      @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is
 *                                                      disabled.
 * @retval  NRF_ERROR_CRYPTO_OUTPUT_NULL                p_target was NULL.
 * @retval  NRF_ERROR_CRYPTO_INPUT_NULL                 p_min or p_max was NULL.
 * @retval  NRF_ERROR_CRYPTO_OUTPUT_LENGTH              Size was 0 or larger than the backend
 *                                                      supports.
 * @retval  NRF_ERROR_CRYPTO_INTERNAL                   If an internal error occurred in the
 *                                                      backend.
 * @retval  NRF_ERROR_CRYPTO_STACK_OVERFLOW             Stack overflow detected in
 *                                                      @ref nrf_crypto_rng_init when using auto
 *                                                      initialization. Typically caused by
 *                                                      allocating an instance of
 *                                                      @ref nrf_crypto_rng_temp_buffer_t
 *                                                      on the stack when using CC310 backend.
 * @retval  NRF_ERROR_CRYPTO_BUSY                       RNG is busy. Rerun at a later time.
 */
ret_code_t nrf_crypto_rng_vector_generate_in_range(uint8_t          * const p_target,
                                                   uint8_t    const * const p_min,
                                                   uint8_t    const * const p_max,
                                                   size_t                   size);


/**
 * @brief This function is used for reseeding the RNG with additional entropy.
 * 
 * @details The backends will reseed automatically when required. This function can be used to
 *          reseed at specific times and to provide additional data that is used to add personalized
 *          randomness.
 *
 * @note Reseeding is not supported if using the nRF HW RNG backend without mbed TLS CTR-DRBG
 *       (NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED disabled in sdk_config.h).
 *
 * @warning The p_temp_buffer is 6112 bytes when the CC310 backend is used. Ensure that stack size
 *          is sufficient if allocated on stack.
 *
 * @param[in,out]   p_temp_buffer   Temporary buffer needed during reseeding. It
 *                                  is not used after the return of this function, and can be freed
 *                                  at that point. Buffer is allocated internally if the pointer is
 *                                  NULL, using the allocated defined by @ref NRF_CRYPTO_ALLOCATOR
 *                                  in @c sdk_config.h. Use NULL if
 *                                  @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
 *                                  in @ref sdk_config (recommended for most applications).
 * @param[in]       p_input_data    Optional input data used to increase the entropy.
 * @param[in]       size            Length of input data. Must be 0, 4, 8 or 12 for CC310.
 *
 * @retval  NRF_SUCCESS                                 Data was generated successfully.
 * @retval  NRF_ERROR_CRYPTO_NOT_INITIALIZED            @ref nrf_crypto_init was not called prior to
 *                                                      this function.
 * @retval  NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED    @ref nrf_crypto_rng_init was not called
 *                                                      prior to this function and
 *                                                      @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is
 *                                                      disabled.
 * @retval  NRF_ERROR_CRYPTO_INPUT_NULL                 p_temp_buffer was NULL or p_input_data was
 *                                                      NULL and size > 0 .
 * @retval  NRF_ERROR_CRYPTO_INPUT_LENGTH               Invalid input data size.
 * @retval  NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE        Reseeding not supported by backend.
 * @retval  NRF_ERROR_CRYPTO_INTERNAL                   If an internal error occurred in the
 *                                                      backend.
 * @retval  NRF_ERROR_CRYPTO_STACK_OVERFLOW             Stack overflow detected. Typically caused by
 *                                                      allocating an instance of
 *                                                      @ref nrf_crypto_rng_temp_buffer_t
 *                                                      on the stack when using CC310 backend.
 * @retval  NRF_ERROR_CRYPTO_BUSY                       RNG is busy. Rerun at a later time.
 */
ret_code_t nrf_crypto_rng_reseed(nrf_crypto_rng_temp_buffer_t * p_temp_buffer,
                                 uint8_t                      * p_input_data,
                                 size_t                         size);


#ifdef __cplusplus
}
#endif

/**@} */

#endif // NRF_CRYPTO_RNG_H__
